August 20, 2025 // Vulnerability | #XSS #Prompt Injection #GPT-4

Lenovo chatbot breach highlights AI security blind spots in customer-facing systems - csoonline.com

Lenovo's GPT-4-powered chatbot "Lena" was vulnerable to cross-site scripting (XSS) triggered by a malicious prompt, because its input and output were not properly sanitized. This allowed attackers to steal session cookies and potentially gain unauthorized access to customer support systems, facilitating further system command execution and lateral movement.
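
The output-side control missing in the scenario above, as an added example (not Lenovo's code or code from the report): the model reply is treated as untrusted text, fully HTML-encoded, and only a small markdown allow-list is re-enabled. The function names and the sample reply are hypothetical and constructed for illustration.

```javascript
// Added example: encode chatbot (LLM) output before it reaches the DOM.
// All names here are hypothetical; the sample reply in SAMPLE_REPLY is constructed.

const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Encode every HTML metacharacter so the reply can only ever render as text.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Accept only absolute http(s) URLs; javascript:, data: and relative paths fail.
function isSafeUrl(raw) {
  try {
    const u = new URL(raw);
    return u.protocol === "https:" || u.protocol === "http:";
  } catch {
    return false;
  }
}

// Render a model reply: escape first, then re-enable links and bold only.
function renderReply(reply) {
  let html = escapeHtml(reply);
  // [label](url): label and url are already escaped, so no quote can break out
  // of the href attribute. Only &amp; is decoded, and only for scheme validation.
  html = html.replace(/\[([^\]]+)\]\(([^)\s*]+)\)/g, (match, label, url) => {
    const decoded = url.replace(/&amp;/g, "&");
    return isSafeUrl(decoded)
      ? `<a href="${url}" rel="noopener noreferrer">${label}</a>`
      : label; // drop the link, keep the visible text
  });
  // **bold** is the only other markup the renderer will emit.
  return html.replace(/\*\*([^*]+)\*\*/g, "<strong>$1</strong>");
}

// Constructed reply of the kind a malicious prompt could coax out of the model.
const SAMPLE_REPLY =
  'Specs: <img src=x onerror="x()"> **in stock**, see ' +
  "[docs](https://example.com/a?b=1&c=2) or [here](javascript:x())";

console.log(renderReply(SAMPLE_REPLY));
```

Output encoding of this kind complements, rather than replaces, marking session cookies `HttpOnly` and enforcing a Content-Security-Policy on the pages that display chatbot replies.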

